What are the dangers of Facebook cloaking? Is it simply a case of someone being capable of seeing information that...
the user wouldn't necessarily want them to see, or are there more devious attacks that the method will expose?
Ask the expert!
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
There are two common types of Facebook cloaking. The first is used for potentially illicit search engine optimizing. The second is the more current version that was reported by Technology Review regarding how to make it difficult to be unfriended on Facebook. Facebook responded to the Technology Review report within 48 hours by deploying a modification to its user interface. So, while this may have been an issue, it has been resolved for now.
That second method of cloaking involved deactivating a Facebook account so that users could not remove the account from their "friends" list. This attack required a user to accept an account's friend request before the cloaker could then deactivate the account. At the time of the research, users couldn't unfriend deactivated accounts. This meant that an attacker could enable an account to download all of the content on a user's profile, then disable their account again before someone unfriended them.
Given that many users publish their Facebook updates as public and that few users ever clean up their friends list, it seems that just a few users could have been targeted by a Facebook cloaking attack. This was an important issue that needed a quick resolution because users should be able to remove accounts from their friends list regardless of the status of an account. That said, given Facebook's popularity, it's likely that attackers will continue to find and exploit similar flaws.
The bottom line is that this incident is just the latest wake-up call to remind users that constant vigilance is needed to guard against creative attackers constantly seeking to violate their privacy. If users are concerned enough about their security after this exposure to take steps to enhance their Facebook privacy and avoid security issues such as Facebook cloaking, they should be easily encouraged to use Facebook's privacy settings.
Related Q&A from Nick Lewis, Enterprise Threats
Chameleon malware targets insecure wireless access points. Enterprise threats expert Nick Lewis explains how to defend against the malware.continue reading
The Zeus malware is threatening RTF security by embedding itself in the file, which is commonly seen as safer than other file formats such as PDFs. ...continue reading
Enterprise threats expert Nick Lewis explains how to detect and avoid one of the most advanced malware threats: The Mask.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.